Privacy Policy

This Privacy Policy applies to: (a) parents, guardians and other adult account holders who register a PiggyTRK family ("Parents"); (b) co-parents who accept an invitation to a Parent's family; (c) children whose accounts are created and supervised by a Parent ("Children"); and (d) visitors to our public web pages. References to "you" mean any of the above as relevant.

PiggyTRK is designed so that Parents are responsible for any Child account in their family. A Child cannot create a PiggyTRK account on their own and we do not knowingly collect personal data directly from a Child without verifiable Parent action (account creation, invitation, or in-app input by the Parent).

We collect only the personal data we need to operate the Service.

2.1 Parent account data

• Identity: full name (or display name), email address, time zone, language preference.
• Authentication credentials: handled by our authentication processor (Clerk, Inc.). We receive an opaque user identifier and your verified email address; we do not see or store passwords.
• Billing data: subscription state (trialing, active, past due, cancelled), plan tier, currency, invoice history. Card numbers are tokenised and held by our payment processor (Stripe, Inc.); we never see or store full card numbers.
• Optional profile data: display avatar, pronouns, an opt-in "note to self" you write inside Settings.

2.2 Child account data (entered by a Parent)

• Display name, age tier, optional date of birth, optional gender.
• A unique kid username and a kid password. The kid password is salted and hashed with Argon2id before storage; we never store it in plain text.
• Avatar choice (an emoji, a generated DiceBear avatar, or an uploaded image if the Parent chooses to upload one).

2.3 Activity data generated inside the Service

• Family economy activity: chore submissions, withdrawal requests, loan requests and repayments, investment lots, ledger entries (denominated in our in-app currency "Piggy Bucks", with no tie to real money on the Child's side).
• Goals ("wishes") the Child or Parent creates, including title, emoji and notes.
• Family chat messages between members of the same family, if the chat feature is enabled by the Parent.
• Trivia questions completed and the Child's selected answers (used solely to compute their next question - we do not build a learning profile for sale or sharing).

2.4 Technical data

• IP address, user-agent string, request timestamps - used for security, abuse-prevention and basic diagnostics.
• Approximate country/region derived from your IP address. We do not collect precise geolocation.
• Crash and performance logs (no message content, no identifiers beyond the opaque user/family/kid IDs).
• Strictly-necessary cookies (session, CSRF, locale). See Section 7.

2.5 Communications you send us

If you write to us via the contact form, support email, or a social channel, we receive whatever you put in your message (typically your name, email address and the body of your request). We use this only to respond to you.

2.6 Data we do NOT collect

• We do not collect government-issued identifiers (NRIC, FIN, passport, NRIC photos).
• We do not collect health, biometric, religious or political data.
• We do not collect a Child's real bank-account information; the Child-side ledger is internal to the Service.
• We do not run third-party advertising trackers on any kid-facing surface.

We use personal data only for the following purposes (PDPA Purpose Limitation Obligation):

• To create, secure and maintain your account and your family's ledger.
• To process your subscription, including the 7-day free trial, recurring billing, refunds and dunning.
• To deliver the family economy features (chores, allowance, savings, investments, loans, withdrawals, family tax, family chat, goals, trivia, dashboards).
• To send transactional emails: account verification, billing receipts, security alerts, co-parent invitations, and similar service notices.
• To respond to support requests and feedback you submit.
• To detect, prevent and respond to fraud, abuse, security incidents and violations of our Terms of Service.
• To comply with legal obligations, court orders and lawful regulatory requests in Singapore and other jurisdictions where required.
• To improve the Service through aggregated, de-identified analytics that cannot reasonably be linked back to you or your Child.

We will not use personal data for materially different purposes without first notifying you and, where required, seeking fresh consent.

Under the PDPA, we rely on the following bases for processing personal data:

• Consent: when you create an account, submit the contact form, opt in to optional features, or otherwise provide personal data voluntarily.
• Deemed consent (necessary for a contract): when processing is required to provide the Service you subscribed to.
• Legitimate interests: for security, fraud prevention, network and information security, and aggregated service-improvement analytics, balanced against your interests.
• Legal obligation: where Singapore law or another applicable law requires us to retain or disclose personal data.

Where we rely on your consent, you may withdraw it at any time by writing to privacy@piggytrk.com. Withdrawal does not affect the lawfulness of processing carried out before your withdrawal, and it may end your access to parts of the Service that depend on the relevant data.

• Directly from you, when you sign up, sign in, complete onboarding, configure family settings, write content, or contact us.
• From a Parent, when the Parent creates or updates a Child account or invites a co-parent.
• From our authentication processor (Clerk) when you authenticate.
• From our payment processor (Stripe) when you subscribe.
• Automatically from your device, for the limited technical data described in Section 2.4.

We do not sell, rent, license or trade personal data. We disclose personal data only to the categories of recipients below, each of whom is bound by a written data-processing agreement that requires confidentiality and security protections at least as strict as those in this policy.

• Hosting and database: Vercel Inc. (web hosting), Neon Inc. (managed Postgres database).
• Authentication and billing: Clerk, Inc. (account authentication and subscription management) with card processing performed by Stripe, Inc.
• Email delivery: Elastic Email, Inc. for transactional email (account, billing and contact-form messages).
• Avatar generation: DiceBear (server-side SVG generation only; no personal data is sent to DiceBear).
• Optional AI assistance: if and when we use third-party large-language-model APIs to support a Parent feature (for example, drafting suggestions), we use providers configured with zero-retention APIs and we do not send Child personal data to them.
• Professional advisers: our auditors, insurers and legal counsel, under professional duties of confidentiality.
• Government authorities: when we are required to disclose personal data by Singapore law, court order, or another lawful request that we are bound to honour.
• Successors: in the event of a merger, acquisition, financing or sale of all or a substantial part of our business, personal data may be transferred to the acquirer, who will be bound by this Privacy Policy or one providing equivalent protection.

We use only the following client-side storage on the public web, parent app and kid app:

• Strictly-necessary cookies and tokens: session cookies issued by Clerk for authentication, kid session cookies issued by us for the kid app, CSRF tokens, and a small number of preference cookies (locale, theme). These cannot be turned off without breaking the Service.
• No advertising cookies, ever. We do not place advertising trackers, fingerprinting scripts or behavioural analytics on the kid surface, and we do not participate in cross-context behavioural advertising for parents either.
• Aggregated analytics: we may use a privacy-respecting product-analytics provider on the parent surface that records aggregated event counts (no message content, no Child IDs). You may request that we exclude your account from this analytics by writing to privacy@piggytrk.com.

Some of the data processors listed in Section 6 are based outside Singapore (notably the United States and the European Union). When personal data is transferred outside Singapore, we do so only where the recipient is bound to provide a standard of protection comparable to that under the PDPA, in line with the PDPA Transfer Limitation Obligation. The mechanisms we rely on include (a) contractual clauses (such as the Standard Contractual Clauses or equivalent) imposing PDPA -level safeguards, (b) recipient compliance with comparable data protection regimes (for example, the EU GDPR), and (c) recipient adherence to recognised certification frameworks where applicable.

We retain personal data only for as long as is reasonably necessary to fulfil the purposes for which it was collected (PDPA Retention Limitation Obligation). Specifically:

• Active accounts: while the account exists and for so long as it is needed to operate the family economy.
• After account deletion: we permanently delete or irreversibly anonymise personal data within thirty (30) days of a verified Parent deletion request, except for records we are legally required to retain (for example, billing records under Singapore tax law).
• Billing records: retained for a minimum of five (5) years from the end of the financial year to which they relate, in line with Singapore tax-record requirements.
• Security logs: retained for up to twelve (12) months and then aggregated or deleted.
• Contact-form messages: retained for as long as needed to handle the request, plus a short audit window, then deleted.

We take reasonable security arrangements to protect personal data in our possession or control (PDPA Protection Obligation). These include, among others:

• Encryption in transit (TLS 1.2 or higher) and encryption at rest (AES-256) for the production database.
• Argon2id hashing for kid passwords. Parent passwords are managed by our authentication processor.
• Row-level scoping of database queries to the requesting family.
• Append-only ledger entries on the money-truth tables (no in-place updates).
• Time-limited and audited production access for staff, with a least-privilege model.
• Regular backups with point-in-time recovery, plus periodic disaster-recovery rehearsals.
• Vulnerability disclosure channel; see Section 16.

No system is perfectly secure. Where you choose a weak password, share your account, or operate on a compromised device, the data on your account may be at risk; please follow standard account-hygiene practices.

If we become aware of a data breach affecting your personal data that meets the notification thresholds under the PDPA (significant scale or significant harm), we will notify the Personal Data Protection Commission (PDPC) within three (3) calendar days of our assessment, and we will notify affected individuals as soon as practicable thereafter, in line with section 26D of the PDPA. We will describe the nature of the breach, the data affected, the steps we have taken, and what you can do to mitigate harm.

Subject to the PDPA and applicable law, you may exercise the following rights with respect to your personal data:

• Right of access: request a copy of the personal data we hold about you and information about how we have used and disclosed it within the past twelve months.
• Right of correction: ask us to correct personal data that is inaccurate or out of date. You can update most fields yourself in your account settings.
• Right of withdrawal of consent: withdraw consent for any processing that relies on consent, at any time, on reasonable notice. Withdrawal may end your ability to use parts of the Service.
• Right of portability: where technically feasible, request a structured export of the family data you have provided.
• Right of erasure: request the deletion of your account and associated personal data, subject to records we are required to retain by law (see Section 9).
• Right to lodge a complaint: raise a complaint with us first; if you are dissatisfied with our response, you may lodge a complaint with the PDPC at pdpc.gov.sg.

Send any request under this section to privacy@piggytrk.com. We will respond within thirty (30) days, or sooner where required by law.

PiggyTRK is designed to be safe for use by children under parental supervision. Important specifics:

• A child cannot register an account on their own. Only a Parent (verified through Clerk) can create a Child account inside their family.
• The Parent is the lawful representative for any consent or rights request relating to that Child's personal data, until the Child reaches the age of majority in the Parent's jurisdiction.
• We do not show advertising to a Child, do not run advertising trackers on the kid surface, and do not use Child personal data to train AI models.
• The kid-facing currency ("Piggy Bucks") is internal to the Service and has no real-money value to the Child.
• If you believe a Child account was created without proper parental authority, please write to privacy@piggytrk.com and we will investigate and remove the account where appropriate.

We send transactional emails (account, billing, security, invitations) as part of operating the Service. These cannot be opted out of without ending your account.

We do not send unsolicited marketing email. If we ever introduce an optional newsletter, it will be opt-in only, with a one-click unsubscribe link in every message.

The Service may link to third-party websites (for example, Stripe's billing portal or external educational resources). We are not responsible for the privacy practices of those websites. Please review their privacy policies before providing personal data.

We may revise this Privacy Policy from time to time. The "Effective date" at the top of this page reflects the latest revision. If a revision materially affects your rights or how we use personal data, we will give you advance notice by email and inside the Service before it takes effect. Continued use of the Service after the effective date constitutes acceptance of the revised Policy.

For any privacy-related question, request, or complaint:

• Email our Data Protection Officer: privacy@piggytrk.com
• General support and other questions: hello@xtrk.ai
• Mail: XTRK PTE. LTD., Singapore (full registered address available on request).